SAS Type 2 Audit 2808
datcolin last edited by
I have a client which is a PCI certified Service Provider.
But now some of their clients are asking for SAS 70 Type 2 certification. I would appreciate if anyone can answer the following questions:
- What critical areas would be covered in a SAS 70 type 2 audit?
- Considering that client is already PCI certified, would it help the client to expedite the SAS 70 certification process?
- The scope of SAS 70 testing would be the whole processing environment which handles credit card and PII data, how long would it take to be SAS 70 type 2 compliant?
- The organization is a Level 1 service provider with 50 staff members, so you can imagine it’s a small organization, what will be the estimated cost of the SAS 70 type 2 audit?
I would appreciate if you could answer the above questions at your earliest convenience.